implement output formats, version
This is where we actually implement support for the new, versioned JSON/YAML output formatting.
This commit is contained in:
Lars Wirzenius
parent
dd6950e5fe
commit
0b616e7b6e
1 changed files with 199 additions and 173 deletions
|
|
@ -16,7 +16,7 @@ use sequoia_openpgp::types::{HashAlgorithm, SymmetricAlgorithm};
|
||||||
use sequoia_openpgp::Cert;
|
use sequoia_openpgp::Cert;
|
||||||
|
|
||||||
use openpgp_card::algorithm::AlgoSimple;
|
use openpgp_card::algorithm::AlgoSimple;
|
||||||
use openpgp_card::card_do::{Sex, TouchPolicy};
|
use openpgp_card::card_do::TouchPolicy;
|
||||||
use openpgp_card::{CardBackend, KeyType, OpenPgp};
|
use openpgp_card::{CardBackend, KeyType, OpenPgp};
|
||||||
use openpgp_card_sequoia::card::{Admin, Card, Open};
|
use openpgp_card_sequoia::card::{Admin, Card, Open};
|
||||||
use openpgp_card_sequoia::util::{
|
use openpgp_card_sequoia::util::{
|
||||||
|
|
@ -28,7 +28,12 @@ use crate::util::{load_pin, print_gnuk_note};
|
||||||
use std::io::Write;
|
use std::io::Write;
|
||||||
|
|
||||||
mod cli;
|
mod cli;
|
||||||
|
mod output;
|
||||||
mod util;
|
mod util;
|
||||||
|
mod versioned_output;
|
||||||
|
|
||||||
|
use cli::OUTPUT_VERSIONS;
|
||||||
|
use versioned_output::{OutputBuilder, OutputFormat, OutputVariant, OutputVersion};
|
||||||
|
|
||||||
const ENTER_USER_PIN: &str = "Enter User PIN:";
|
const ENTER_USER_PIN: &str = "Enter User PIN:";
|
||||||
const ENTER_ADMIN_PIN: &str = "Enter Admin PIN:";
|
const ENTER_ADMIN_PIN: &str = "Enter Admin PIN:";
|
||||||
|
|
@ -39,29 +44,37 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
let cli = cli::Cli::parse();
|
let cli = cli::Cli::parse();
|
||||||
|
|
||||||
match cli.cmd {
|
match cli.cmd {
|
||||||
|
cli::Command::OutputVersions {} => {
|
||||||
|
output_versions(cli.output_version);
|
||||||
|
}
|
||||||
cli::Command::List {} => {
|
cli::Command::List {} => {
|
||||||
println!("Available OpenPGP cards:");
|
list_cards(cli.output_format, cli.output_version)?;
|
||||||
list_cards()?;
|
|
||||||
}
|
}
|
||||||
cli::Command::Status {
|
cli::Command::Status {
|
||||||
ident,
|
ident,
|
||||||
verbose,
|
verbose,
|
||||||
pkm,
|
pkm,
|
||||||
} => {
|
} => {
|
||||||
print_status(ident, verbose, pkm)?;
|
print_status(cli.output_format, cli.output_version, ident, verbose, pkm)?;
|
||||||
}
|
}
|
||||||
cli::Command::Info { ident } => {
|
cli::Command::Info { ident } => {
|
||||||
print_info(ident)?;
|
print_info(cli.output_format, cli.output_version, ident)?;
|
||||||
}
|
}
|
||||||
cli::Command::Ssh { ident } => {
|
cli::Command::Ssh { ident } => {
|
||||||
print_ssh(ident)?;
|
print_ssh(cli.output_format, cli.output_version, ident)?;
|
||||||
}
|
}
|
||||||
cli::Command::Pubkey {
|
cli::Command::Pubkey {
|
||||||
ident,
|
ident,
|
||||||
user_pin,
|
user_pin,
|
||||||
user_id,
|
user_id,
|
||||||
} => {
|
} => {
|
||||||
print_pubkey(ident, user_pin, user_id)?;
|
print_pubkey(
|
||||||
|
cli.output_format,
|
||||||
|
cli.output_version,
|
||||||
|
ident,
|
||||||
|
user_pin,
|
||||||
|
user_id,
|
||||||
|
)?;
|
||||||
}
|
}
|
||||||
cli::Command::SetIdentity { ident, id } => {
|
cli::Command::SetIdentity { ident, id } => {
|
||||||
set_identity(&ident, id)?;
|
set_identity(&ident, id)?;
|
||||||
|
|
@ -89,15 +102,20 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
}
|
}
|
||||||
cli::Command::Attestation { cmd } => match cmd {
|
cli::Command::Attestation { cmd } => match cmd {
|
||||||
cli::AttCommand::Cert { ident } => {
|
cli::AttCommand::Cert { ident } => {
|
||||||
|
let mut output = output::AttestationCert::default();
|
||||||
|
|
||||||
let card = pick_card_for_reading(ident)?;
|
let card = pick_card_for_reading(ident)?;
|
||||||
|
|
||||||
let mut pgp = OpenPgp::new(card);
|
let mut pgp = OpenPgp::new(card);
|
||||||
let mut open = Open::new(pgp.transaction()?)?;
|
let mut open = Open::new(pgp.transaction()?)?;
|
||||||
|
output.ident(open.application_identifier()?.ident());
|
||||||
|
|
||||||
if let Ok(ac) = open.attestation_certificate() {
|
if let Ok(ac) = open.attestation_certificate() {
|
||||||
let pem = util::pem_encode(ac);
|
let pem = util::pem_encode(ac);
|
||||||
println!("{}", pem);
|
output.attestation_cert(pem);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
println!("{}", output.print(cli.output_format, cli.output_version)?);
|
||||||
}
|
}
|
||||||
cli::AttCommand::Generate {
|
cli::AttCommand::Generate {
|
||||||
ident,
|
ident,
|
||||||
|
|
@ -309,6 +327,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
let user_pin = util::get_pin(&mut open, user_pin, ENTER_USER_PIN);
|
let user_pin = util::get_pin(&mut open, user_pin, ENTER_USER_PIN);
|
||||||
|
|
||||||
generate_keys(
|
generate_keys(
|
||||||
|
cli.output_format,
|
||||||
|
cli.output_version,
|
||||||
open,
|
open,
|
||||||
admin_pin.as_deref(),
|
admin_pin.as_deref(),
|
||||||
user_pin.as_deref(),
|
user_pin.as_deref(),
|
||||||
|
|
@ -558,17 +578,27 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn list_cards() -> Result<()> {
|
fn output_versions(chosen: OutputVersion) {
|
||||||
|
for v in OUTPUT_VERSIONS.iter() {
|
||||||
|
if v == &chosen {
|
||||||
|
println!("* {}", v);
|
||||||
|
} else {
|
||||||
|
println!(" {}", v);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn list_cards(format: OutputFormat, output_version: OutputVersion) -> Result<()> {
|
||||||
let cards = util::cards()?;
|
let cards = util::cards()?;
|
||||||
|
let mut output = output::List::default();
|
||||||
if !cards.is_empty() {
|
if !cards.is_empty() {
|
||||||
for card in cards {
|
for card in cards {
|
||||||
let mut pgp = OpenPgp::new(card);
|
let mut pgp = OpenPgp::new(card);
|
||||||
let open = Open::new(pgp.transaction()?)?;
|
let open = Open::new(pgp.transaction()?)?;
|
||||||
println!(" {}", open.application_identifier()?.ident());
|
output.push(open.application_identifier()?.ident());
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
println!("No OpenPGP cards found.");
|
|
||||||
}
|
}
|
||||||
|
println!("{}", output.print(format, output_version)?);
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -595,7 +625,7 @@ fn pick_card_for_reading(ident: Option<String>) -> Result<Box<dyn CardBackend +
|
||||||
Err(anyhow::anyhow!("No cards found"))
|
Err(anyhow::anyhow!("No cards found"))
|
||||||
} else {
|
} else {
|
||||||
println!("Found {} cards:", cards.len());
|
println!("Found {} cards:", cards.len());
|
||||||
list_cards()?;
|
list_cards(OutputFormat::Text, OutputVersion::new(1, 0, 0))?;
|
||||||
|
|
||||||
println!();
|
println!();
|
||||||
println!("Specify which card to use with '--card <card ident>'");
|
println!("Specify which card to use with '--card <card ident>'");
|
||||||
|
|
@ -606,7 +636,16 @@ fn pick_card_for_reading(ident: Option<String>) -> Result<Box<dyn CardBackend +
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn print_status(ident: Option<String>, verbose: bool, pkm: bool) -> Result<()> {
|
fn print_status(
|
||||||
|
format: OutputFormat,
|
||||||
|
output_version: OutputVersion,
|
||||||
|
ident: Option<String>,
|
||||||
|
verbose: bool,
|
||||||
|
pkm: bool,
|
||||||
|
) -> Result<()> {
|
||||||
|
let mut output = output::Status::default();
|
||||||
|
output.verbose(verbose);
|
||||||
|
|
||||||
let card = pick_card_for_reading(ident)?;
|
let card = pick_card_for_reading(ident)?;
|
||||||
|
|
||||||
let mut pgp = OpenPgp::new(card);
|
let mut pgp = OpenPgp::new(card);
|
||||||
|
|
@ -615,61 +654,44 @@ fn print_status(ident: Option<String>, verbose: bool, pkm: bool) -> Result<()> {
|
||||||
let ard = pgpt.application_related_data()?;
|
let ard = pgpt.application_related_data()?;
|
||||||
|
|
||||||
let mut open = Open::new(pgpt)?;
|
let mut open = Open::new(pgpt)?;
|
||||||
|
output.ident(open.application_identifier()?.ident());
|
||||||
print!("OpenPGP card {}", open.application_identifier()?.ident());
|
|
||||||
|
|
||||||
let ai = open.application_identifier()?;
|
let ai = open.application_identifier()?;
|
||||||
let version = ai.version().to_be_bytes();
|
let version = ai.version().to_be_bytes();
|
||||||
println!(" (card version {}.{})\n", version[0], version[1]);
|
output.card_version(format!("{}.{}", version[0], version[1]));
|
||||||
|
|
||||||
// card / cardholder metadata
|
// card / cardholder metadata
|
||||||
let crd = open.cardholder_related_data()?;
|
let crd = open.cardholder_related_data()?;
|
||||||
|
|
||||||
// Remember if any cardholder information is printed (if so, we print a newline later)
|
|
||||||
let mut card_holder_output = false;
|
|
||||||
|
|
||||||
if let Some(name) = crd.name() {
|
if let Some(name) = crd.name() {
|
||||||
// FIXME: decoding as utf8 is wrong (the spec defines this field as latin1 encoded)
|
// FIXME: decoding as utf8 is wrong (the spec defines this field as latin1 encoded)
|
||||||
let name = String::from_utf8_lossy(name).to_string();
|
let name = String::from_utf8_lossy(name).to_string();
|
||||||
|
|
||||||
print!("Cardholder: ");
|
// // This field is silly, maybe ignore it?!
|
||||||
|
// if let Some(sex) = crd.sex() {
|
||||||
// This field is silly, maybe ignore it?!
|
// if sex == Sex::Male {
|
||||||
if let Some(sex) = crd.sex() {
|
// print!("Mr. ");
|
||||||
if sex == Sex::Male {
|
// } else if sex == Sex::Female {
|
||||||
print!("Mr. ");
|
// print!("Mrs. ");
|
||||||
} else if sex == Sex::Female {
|
// }
|
||||||
print!("Mrs. ");
|
// }
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// re-format name ("last<<first")
|
// re-format name ("last<<first")
|
||||||
let name: Vec<_> = name.split("<<").collect();
|
let name: Vec<_> = name.split("<<").collect();
|
||||||
let name = name.iter().cloned().rev().collect::<Vec<_>>().join(" ");
|
let name = name.iter().cloned().rev().collect::<Vec<_>>().join(" ");
|
||||||
|
|
||||||
println!("{}", name);
|
output.card_holder(name);
|
||||||
|
|
||||||
card_holder_output = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
let url = open.url()?;
|
let url = open.url()?;
|
||||||
if !url.is_empty() {
|
if !url.is_empty() {
|
||||||
println!("URL: {}", url);
|
output.url(url);
|
||||||
card_holder_output = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(lang) = crd.lang() {
|
if let Some(lang) = crd.lang() {
|
||||||
let l = lang
|
for lang in lang {
|
||||||
.iter()
|
output.language_preference(format!("{}", lang));
|
||||||
.map(|l| format!("{}", l))
|
}
|
||||||
.collect::<Vec<_>>()
|
|
||||||
.join(", ");
|
|
||||||
println!("Language preferences: '{}'", l);
|
|
||||||
card_holder_output = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if card_holder_output {
|
|
||||||
println!();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// key information (imported vs. generated on card)
|
// key information (imported vs. generated on card)
|
||||||
|
|
@ -682,152 +704,131 @@ fn print_status(ident: Option<String>, verbose: bool, pkm: bool) -> Result<()> {
|
||||||
let fps = open.fingerprints()?;
|
let fps = open.fingerprints()?;
|
||||||
let kgt = open.key_generation_times()?;
|
let kgt = open.key_generation_times()?;
|
||||||
|
|
||||||
println!("Signature key");
|
let mut signature_key = output::KeySlotInfo::default();
|
||||||
if let Some(fp) = fps.signature() {
|
if let Some(fp) = fps.signature() {
|
||||||
println!(" Fingerprint: {}", fp.to_spaced_hex());
|
signature_key.fingerprint(fp.to_spaced_hex());
|
||||||
}
|
}
|
||||||
println! {" Algorithm: {}", open.algorithm_attributes(KeyType::Signing)?};
|
signature_key.algorithm(format!("{}", open.algorithm_attributes(KeyType::Signing)?));
|
||||||
if let Some(kgt) = kgt.signature() {
|
if let Some(kgt) = kgt.signature() {
|
||||||
println! {" Created: {}", kgt.to_datetime()};
|
signature_key.created(format!("{}", kgt.to_datetime()));
|
||||||
}
|
}
|
||||||
if verbose {
|
if let Some(uif) = ard.uif_pso_cds()? {
|
||||||
if let Some(uif) = ard.uif_pso_cds()? {
|
signature_key.touch_policy(format!("{}", uif.touch_policy()));
|
||||||
println!(
|
signature_key.touch_features(format!("{}", uif.features()));
|
||||||
" Touch policy: {} [Features: {}]",
|
}
|
||||||
uif.touch_policy(),
|
if let Some(ks) = ki.as_ref().map(|ki| ki.sig_status()) {
|
||||||
uif.features()
|
signature_key.status(format!("{}", ks));
|
||||||
);
|
|
||||||
}
|
|
||||||
if let Some(ks) = ki.as_ref().map(|ki| ki.sig_status()) {
|
|
||||||
println!(" Key Status: {}", ks);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if verbose {
|
if pws.pw1_cds_valid_once() {
|
||||||
if pws.pw1_cds_valid_once() {
|
signature_key.pin_valid_once();
|
||||||
println!(" User PIN presentation valid for one signature");
|
|
||||||
} else {
|
|
||||||
println!(" User PIN presentation valid for unlimited signatures");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
let sst = open.security_support_template()?;
|
|
||||||
println!(" Signatures made: {}", sst.signature_count());
|
|
||||||
|
|
||||||
if pkm {
|
if pkm {
|
||||||
if let Ok(pkm) = open.public_key(KeyType::Signing) {
|
if let Ok(pkm) = open.public_key(KeyType::Signing) {
|
||||||
println! {" Public key material: {}", pkm};
|
signature_key.public_key_material(pkm.to_string());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
println!();
|
output.signature_key(signature_key);
|
||||||
println!("Decryption key");
|
|
||||||
|
let sst = open.security_support_template()?;
|
||||||
|
output.signature_count(sst.signature_count());
|
||||||
|
|
||||||
|
let mut decryption_key = output::KeySlotInfo::default();
|
||||||
if let Some(fp) = fps.decryption() {
|
if let Some(fp) = fps.decryption() {
|
||||||
println!(" Fingerprint: {}", fp.to_spaced_hex());
|
decryption_key.fingerprint(fp.to_spaced_hex());
|
||||||
}
|
}
|
||||||
println! {" Algorithm: {}", open.algorithm_attributes(KeyType::Decryption)?};
|
decryption_key.algorithm(format!(
|
||||||
|
"{}",
|
||||||
|
open.algorithm_attributes(KeyType::Decryption)?
|
||||||
|
));
|
||||||
if let Some(kgt) = kgt.decryption() {
|
if let Some(kgt) = kgt.decryption() {
|
||||||
println! {" Created: {}", kgt.to_datetime()};
|
decryption_key.created(format!("{}", kgt.to_datetime()));
|
||||||
}
|
}
|
||||||
if verbose {
|
if let Some(uif) = ard.uif_pso_dec()? {
|
||||||
if let Some(uif) = ard.uif_pso_dec()? {
|
decryption_key.touch_policy(format!("{}", uif.touch_policy()));
|
||||||
println!(
|
decryption_key.touch_features(format!("{}", uif.features()));
|
||||||
" Touch policy: {} [Features: {}]",
|
}
|
||||||
uif.touch_policy(),
|
if let Some(ks) = ki.as_ref().map(|ki| ki.dec_status()) {
|
||||||
uif.features()
|
decryption_key.status(format!("{}", ks));
|
||||||
);
|
|
||||||
}
|
|
||||||
if let Some(ks) = ki.as_ref().map(|ki| ki.dec_status()) {
|
|
||||||
println!(" Key Status: {}", ks);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if pkm {
|
if pkm {
|
||||||
if let Ok(pkm) = open.public_key(KeyType::Decryption) {
|
if let Ok(pkm) = open.public_key(KeyType::Decryption) {
|
||||||
println! {" Public key material: {}", pkm};
|
decryption_key.public_key_material(pkm.to_string());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
output.decryption_key(decryption_key);
|
||||||
|
|
||||||
println!();
|
let mut authentication_key = output::KeySlotInfo::default();
|
||||||
println!("Authentication key");
|
|
||||||
if let Some(fp) = fps.authentication() {
|
if let Some(fp) = fps.authentication() {
|
||||||
println!(" Fingerprint: {}", fp.to_spaced_hex());
|
authentication_key.fingerprint(fp.to_spaced_hex());
|
||||||
}
|
}
|
||||||
println! {" Algorithm: {}", open.algorithm_attributes(KeyType::Authentication)?};
|
authentication_key.algorithm(format!(
|
||||||
|
"{}",
|
||||||
|
open.algorithm_attributes(KeyType::Authentication)?
|
||||||
|
));
|
||||||
if let Some(kgt) = kgt.authentication() {
|
if let Some(kgt) = kgt.authentication() {
|
||||||
println! {" Created: {}", kgt.to_datetime()};
|
authentication_key.created(format!("{}", kgt.to_datetime()));
|
||||||
}
|
}
|
||||||
if verbose {
|
if let Some(uif) = ard.uif_pso_aut()? {
|
||||||
if let Some(uif) = ard.uif_pso_aut()? {
|
authentication_key.touch_policy(format!("{}", uif.touch_policy()));
|
||||||
println!(
|
authentication_key.touch_features(format!("{}", uif.features()));
|
||||||
" Touch policy: {} [Features: {}]",
|
}
|
||||||
uif.touch_policy(),
|
if let Some(ks) = ki.as_ref().map(|ki| ki.aut_status()) {
|
||||||
uif.features()
|
authentication_key.status(format!("{}", ks));
|
||||||
);
|
|
||||||
}
|
|
||||||
if let Some(ks) = ki.as_ref().map(|ki| ki.aut_status()) {
|
|
||||||
println!(" Key Status: {}", ks);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if pkm {
|
if pkm {
|
||||||
if let Ok(pkm) = open.public_key(KeyType::Authentication) {
|
if let Ok(pkm) = open.public_key(KeyType::Authentication) {
|
||||||
println! {" public key material: {}", pkm};
|
authentication_key.public_key_material(pkm.to_string());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
output.authentication_key(authentication_key);
|
||||||
|
|
||||||
// technical details about the card's state
|
// technical details about the card's state
|
||||||
|
|
||||||
println!();
|
output.user_pin_remaining_attempts(pws.err_count_pw1());
|
||||||
|
output.admin_pin_remaining_attempts(pws.err_count_pw3());
|
||||||
|
output.reset_code_remaining_attempts(pws.err_count_rc());
|
||||||
|
|
||||||
println!(
|
// FIXME: Handle attestation key information as a separate
|
||||||
"Remaining PIN attempts: User: {}, Admin: {}, Reset Code: {}",
|
// KeySlotInfo! Attestation touch information should go into its
|
||||||
pws.err_count_pw1(),
|
// own `Option<KeySlotInfo>`, and (if any information about the
|
||||||
pws.err_count_pw3(),
|
// attestation key exists at all, which is not the case for most
|
||||||
pws.err_count_rc(),
|
// cards) it should be printed as a fourth KeySlot block.
|
||||||
);
|
if let Some(uif) = ard.uif_attestation()? {
|
||||||
|
output.card_touch_policy(uif.touch_policy().to_string());
|
||||||
|
output.card_touch_features(uif.features().to_string());
|
||||||
|
}
|
||||||
|
|
||||||
if verbose {
|
if let Some(ki) = ki {
|
||||||
println!();
|
let num = ki.num_additional();
|
||||||
|
for i in 0..num {
|
||||||
if let Some(uif) = ard.uif_attestation()? {
|
output.key_status(ki.additional_ref(i), ki.additional_status(i).to_string());
|
||||||
println!(
|
|
||||||
"Touch policy attestation: {} [Features: {}]",
|
|
||||||
uif.touch_policy(),
|
|
||||||
uif.features()
|
|
||||||
);
|
|
||||||
println!();
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if let Some(ki) = ki {
|
if let Ok(fps) = ard.ca_fingerprints() {
|
||||||
let num = ki.num_additional();
|
for fp in fps.iter().flatten() {
|
||||||
for i in 0..num {
|
output.ca_fingerprint(fp.to_string());
|
||||||
println!(
|
|
||||||
"Key Status (#{}): {}",
|
|
||||||
ki.additional_ref(i),
|
|
||||||
ki.additional_status(i)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if num > 0 {
|
|
||||||
println!();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if let Ok(fps) = ard.ca_fingerprints() {
|
|
||||||
for (num, fp) in fps.iter().enumerate() {
|
|
||||||
if let Some(fp) = fp {
|
|
||||||
println!("CA fingerprint {}: {:x?}", num + 1, fp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME: print "Login Data"
|
// FIXME: print "Login Data"
|
||||||
|
|
||||||
|
println!("{}", output.print(format, output_version)?);
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// print metadata information about a card
|
/// print metadata information about a card
|
||||||
fn print_info(ident: Option<String>) -> Result<()> {
|
fn print_info(
|
||||||
|
format: OutputFormat,
|
||||||
|
output_version: OutputVersion,
|
||||||
|
ident: Option<String>,
|
||||||
|
) -> Result<()> {
|
||||||
|
let mut output = output::Info::default();
|
||||||
|
|
||||||
let card = pick_card_for_reading(ident)?;
|
let card = pick_card_for_reading(ident)?;
|
||||||
|
|
||||||
let mut pgp = OpenPgp::new(card);
|
let mut pgp = OpenPgp::new(card);
|
||||||
|
|
@ -835,36 +836,44 @@ fn print_info(ident: Option<String>) -> Result<()> {
|
||||||
|
|
||||||
let ai = open.application_identifier()?;
|
let ai = open.application_identifier()?;
|
||||||
|
|
||||||
print!("OpenPGP card {}", ai.ident());
|
output.ident(ai.ident());
|
||||||
|
|
||||||
let version = ai.version().to_be_bytes();
|
let version = ai.version().to_be_bytes();
|
||||||
println!(" (card version {}.{})\n", version[0], version[1]);
|
output.card_version(format!("{}.{}", version[0], version[1]));
|
||||||
|
|
||||||
println!("Application Identifier: {}", ai);
|
output.application_id(ai.to_string());
|
||||||
println!(
|
output.manufacturer_id(format!("{:04X}", ai.manufacturer()));
|
||||||
"Manufacturer [{:04X}]: {}\n",
|
output.manufacturer_name(ai.manufacturer_name().to_string());
|
||||||
ai.manufacturer(),
|
|
||||||
ai.manufacturer_name()
|
|
||||||
);
|
|
||||||
|
|
||||||
if let Some(cc) = open.historical_bytes()?.card_capabilities() {
|
if let Some(cc) = open.historical_bytes()?.card_capabilities() {
|
||||||
println!("Card Capabilities:\n{}", cc);
|
for line in cc.to_string().lines() {
|
||||||
|
let line = line.strip_prefix("- ").unwrap_or(line);
|
||||||
|
output.card_capability(line.to_string());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if let Some(csd) = open.historical_bytes()?.card_service_data() {
|
if let Some(csd) = open.historical_bytes()?.card_service_data() {
|
||||||
println!("Card service data:\n{}", csd);
|
output.card_service_data(csd.to_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(eli) = open.extended_length_information()? {
|
if let Some(eli) = open.extended_length_information()? {
|
||||||
println!("Extended Length Info:\n{}", eli);
|
for line in eli.to_string().lines() {
|
||||||
|
let line = line.strip_prefix("- ").unwrap_or(line);
|
||||||
|
output.extended_length_info(line.to_string());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let ec = open.extended_capabilities()?;
|
let ec = open.extended_capabilities()?;
|
||||||
println!("Extended Capabilities:\n{}", ec);
|
for line in ec.to_string().lines() {
|
||||||
|
let line = line.strip_prefix("- ").unwrap_or(line);
|
||||||
|
output.extended_capability(line.to_string());
|
||||||
|
}
|
||||||
|
|
||||||
// Algorithm information (list of supported algorithms)
|
// Algorithm information (list of supported algorithms)
|
||||||
if let Ok(Some(ai)) = open.algorithm_information() {
|
if let Ok(Some(ai)) = open.algorithm_information() {
|
||||||
println!("Supported algorithms:");
|
for line in ai.to_string().lines() {
|
||||||
println!("{}", ai);
|
let line = line.strip_prefix("- ").unwrap_or(line);
|
||||||
|
output.algorithm(line.to_string());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME: print KDF info
|
// FIXME: print KDF info
|
||||||
|
|
@ -872,55 +881,63 @@ fn print_info(ident: Option<String>) -> Result<()> {
|
||||||
// YubiKey specific (?) firmware version
|
// YubiKey specific (?) firmware version
|
||||||
if let Ok(ver) = open.firmware_version() {
|
if let Ok(ver) = open.firmware_version() {
|
||||||
let ver = ver.iter().map(u8::to_string).collect::<Vec<_>>().join(".");
|
let ver = ver.iter().map(u8::to_string).collect::<Vec<_>>().join(".");
|
||||||
|
output.firmware_version(ver);
|
||||||
println!("Firmware Version: {}\n", ver);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
println!("{}", output.print(format, output_version)?);
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn print_ssh(ident: Option<String>) -> Result<()> {
|
fn print_ssh(
|
||||||
|
format: OutputFormat,
|
||||||
|
output_version: OutputVersion,
|
||||||
|
ident: Option<String>,
|
||||||
|
) -> Result<()> {
|
||||||
|
let mut output = output::Ssh::default();
|
||||||
|
|
||||||
let card = pick_card_for_reading(ident)?;
|
let card = pick_card_for_reading(ident)?;
|
||||||
|
|
||||||
let mut pgp = OpenPgp::new(card);
|
let mut pgp = OpenPgp::new(card);
|
||||||
let mut open = Open::new(pgp.transaction()?)?;
|
let mut open = Open::new(pgp.transaction()?)?;
|
||||||
|
|
||||||
let ident = open.application_identifier()?.ident();
|
let ident = open.application_identifier()?.ident();
|
||||||
|
output.ident(ident.clone());
|
||||||
println!("OpenPGP card {}", ident);
|
|
||||||
|
|
||||||
// Print fingerprint of authentication subkey
|
// Print fingerprint of authentication subkey
|
||||||
let fps = open.fingerprints()?;
|
let fps = open.fingerprints()?;
|
||||||
|
|
||||||
println!();
|
|
||||||
if let Some(fp) = fps.authentication() {
|
if let Some(fp) = fps.authentication() {
|
||||||
println!("Authentication key fingerprint:\n{}", fp);
|
output.authentication_key_fingerprint(fp.to_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Show authentication subkey as openssh public key string
|
// Show authentication subkey as openssh public key string
|
||||||
if let Ok(pkm) = open.public_key(KeyType::Authentication) {
|
if let Ok(pkm) = open.public_key(KeyType::Authentication) {
|
||||||
if let Ok(ssh) = util::get_ssh_pubkey_string(&pkm, ident) {
|
if let Ok(ssh) = util::get_ssh_pubkey_string(&pkm, ident) {
|
||||||
println!();
|
output.ssh_public_key(ssh);
|
||||||
println!("SSH public key:\n{}", ssh);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
println!("{}", output.print(format, output_version)?);
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn print_pubkey(
|
fn print_pubkey(
|
||||||
|
format: OutputFormat,
|
||||||
|
output_version: OutputVersion,
|
||||||
ident: Option<String>,
|
ident: Option<String>,
|
||||||
user_pin: Option<PathBuf>,
|
user_pin: Option<PathBuf>,
|
||||||
user_ids: Vec<String>,
|
user_ids: Vec<String>,
|
||||||
) -> Result<()> {
|
) -> Result<()> {
|
||||||
|
let mut output = output::PublicKey::default();
|
||||||
|
|
||||||
let card = pick_card_for_reading(ident)?;
|
let card = pick_card_for_reading(ident)?;
|
||||||
|
|
||||||
let mut pgp = OpenPgp::new(card);
|
let mut pgp = OpenPgp::new(card);
|
||||||
let mut open = Open::new(pgp.transaction()?)?;
|
let mut open = Open::new(pgp.transaction()?)?;
|
||||||
|
|
||||||
let ident = open.application_identifier()?.ident();
|
let ident = open.application_identifier()?.ident();
|
||||||
|
output.ident(ident);
|
||||||
println!("OpenPGP card {}", ident);
|
|
||||||
|
|
||||||
let user_pin = util::get_pin(&mut open, user_pin, ENTER_USER_PIN);
|
let user_pin = util::get_pin(&mut open, user_pin, ENTER_USER_PIN);
|
||||||
|
|
||||||
|
|
@ -971,8 +988,9 @@ fn print_pubkey(
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
let armored = String::from_utf8(cert.armored().to_vec()?)?;
|
let armored = String::from_utf8(cert.armored().to_vec()?)?;
|
||||||
println!("{}", armored);
|
output.public_key(armored);
|
||||||
|
|
||||||
|
println!("{}", output.print(format, output_version)?);
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1096,15 +1114,20 @@ fn get_cert(
|
||||||
|
|
||||||
#[allow(clippy::too_many_arguments)]
|
#[allow(clippy::too_many_arguments)]
|
||||||
fn generate_keys(
|
fn generate_keys(
|
||||||
|
format: OutputFormat,
|
||||||
|
version: OutputVersion,
|
||||||
mut open: Open,
|
mut open: Open,
|
||||||
admin_pin: Option<&[u8]>,
|
admin_pin: Option<&[u8]>,
|
||||||
user_pin: Option<&[u8]>,
|
user_pin: Option<&[u8]>,
|
||||||
output: Option<PathBuf>,
|
output_file: Option<PathBuf>,
|
||||||
decrypt: bool,
|
decrypt: bool,
|
||||||
auth: bool,
|
auth: bool,
|
||||||
algo: Option<String>,
|
algo: Option<String>,
|
||||||
user_ids: Vec<String>,
|
user_ids: Vec<String>,
|
||||||
) -> Result<()> {
|
) -> Result<()> {
|
||||||
|
let mut output = output::AdminGenerate::default();
|
||||||
|
output.ident(open.application_identifier()?.ident());
|
||||||
|
|
||||||
// 1) Interpret the user's choice of algorithm.
|
// 1) Interpret the user's choice of algorithm.
|
||||||
//
|
//
|
||||||
// Unset (None) means that the algorithm that is specified on the card
|
// Unset (None) means that the algorithm that is specified on the card
|
||||||
|
|
@ -1131,6 +1154,7 @@ fn generate_keys(
|
||||||
};
|
};
|
||||||
|
|
||||||
log::info!(" Key generation will be attempted with algo: {:?}", a);
|
log::info!(" Key generation will be attempted with algo: {:?}", a);
|
||||||
|
output.algorithm(format!("{:?}", a));
|
||||||
|
|
||||||
// 2) Then, generate keys on the card.
|
// 2) Then, generate keys on the card.
|
||||||
// We need "admin" access to the card for this).
|
// We need "admin" access to the card for this).
|
||||||
|
|
@ -1156,10 +1180,12 @@ fn generate_keys(
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
let armored = String::from_utf8(cert.armored().to_vec()?)?;
|
let armored = String::from_utf8(cert.armored().to_vec()?)?;
|
||||||
|
output.public_key(armored);
|
||||||
|
|
||||||
// Write armored certificate to the output file (or stdout)
|
// Write armored certificate to the output file (or stdout)
|
||||||
let mut output = util::open_or_stdout(output.as_deref())?;
|
let mut handle = util::open_or_stdout(output_file.as_deref())?;
|
||||||
output.write_all(armored.as_bytes())?;
|
handle.write_all(output.print(format, version)?.as_bytes())?;
|
||||||
|
let _ = handle.write(b"\n")?;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue